Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
ETag
Pragma
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Request-ID
X-Generator
P3p
X-Cacheable
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Content-Security-Policy
X-Iinfo
Status
X-Ua-Compatible
Feature-Policy
Content-Encoding
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
Upgrade
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Dns-Prefetch-Control
X-Via
Keep-Alive
X-Ws-Request-Id
Request-Context
Server-Timing
X-Robots-Tag
X-AH-Environment
X-Hacker
X-Server
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Cache-Group
X-Server-Powered-By
X-Backend
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
EagleId
X-Nginx-Cache-Status
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
X-UA-Device
Grace
X-Page-Speed
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
EagleEye-TraceId
X-Device
X-Vhost
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
NEL
X-Dispatcher
Cf-Railgun
X-OneAgent-JS-Injection
X-Host
X-Server-Id
X-Cache-Spec
X-WebKit-CSP
X-CST
X-Node
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
Request-Id
Surrogate-Control
Accept-CH
X-Readtime
X-Akam-SW-Version
X-Response-Time
Accept-Ch-Lifetime
Xkey
X-HW
X-Language
X-Application-Context
X-Template
X-Country
X-Webkit-CSP
X-Ac
Content-Location
X-Cloud-Trace-Context
X-Cache-Lookup
X-Ruxit-JS-Agent
Rating
MS-Author-Via
X-Url
Edge-Control
X-TtlSet
X-Vname
X-PC
X-Mod-Pagespeed
X-Clacks-Overhead
X-B3-TraceId
X-Trace
X-Varnish-TTL
Fastly-Restarts
X-Content-Type
X-MS-InvokeApp
X-Rack-Cache
X-Origin-Cache
X-ESI
X-Buckets
X-GitHub-Request-Id
X-ASPNET-VERSION
X-Cnection
X-Country-Code
X-Goog-Hash
Accept-Ch
X-D2id
Verso
X-VARITI-CCR
X-Cdn-Fetch
X-Kinja-Build
Accept-CH-Lifetime
X-Kinja-Revision
X-Kinja-Server
Arr-Disable-Session-Affinity
X-Kinja
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Use-Magma
X-ORACLE-DMS-ECID
Cache-Tag
X-Vcap-Request-Id
Service-Worker-Allowed
X-FastCGI-Cache
X-Cached
X-Abt-Application-Version
X-Server-Name
X-Client-IP
X-Amz-Rid
X-Navigation-Version
X-Px
X-Server-ID
X-Cache-TTL
RTSS
Public-Key-Pins
X-Powered-By-Plesk
X-Fastly-Request-ID
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Access-Control-Request-Method
X-MSEdge-Ref
X-Element-Page-Cache
X-Powered-CMS
X-Dw-Request-Base-Id
X-NF-Request-ID
X-Upstream
X-Version
X-TTL
Display
Pagespeed
X-Middleton-Response
X-Sol
Response
X-Middleton-Display
S
X-Kinsta-Cache
X-Edge-Location-Klb
X-Edge
X-LLID
X-Ttl
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Cache-Key
X-ECACHE
X-Accel-Expires
X-Shield-Request-Id
Realpath
X-HP-Webp
X-Jurisdiction
X-Correlation-Id
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-ORACLE-DMS-RID
X-T
X-Oneagent-Js-Injection
X-DynaTrace
X-SharePointHealthScore
SPRequestGuid
X-PressLabs-Stats
X-Mid
X-MCACHE
X-Content-Security-Policy-Report-Only
Edge-Cache-Tag
SPRequestDuration
SPIisLatency
X-Litespeed-Cache
Fastcgi-Cache
X-XRDS-Location
X-Amz-Server-Side-Encryption
X-Ruxit-Js-Agent
Nginx-Cache
X-Content-Digest
X-Mg-S
X-Forwarded-Proto
X-Recruiting
TP-Cache
TP-L2-Cache
Charset
X-Request-Received
TCN
X-Request-Processing-Time
Front-End-Https
X-Id
Alternate-Protocol
Server-Node
X-Logged-In
Filters
Content-MD5
X-Forwarded-For
X-Geo-Country
X-Ezoic-Cdn
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Content-Source
X-Protected-By
Cache-Tags
X-Hostname
X-Origin-Upstream-Status
X-Amzn-Trace-Id
X-Grace
X-NWS-LOG-UUID
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Www-Served-By
X-F-Cache
X-Debug-Info
Cleartype
X-Amz-Replication-Status
X-Origin-Server
X-Rid
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-LB-Cache
X-HS-Combine-CSS
Host
X-Activity-Id
X-AppVersion
X-Az
X-RateLimit-Remaining
X-Contextid
X-Ab
X-Daa-Tunnel
X-Git-Hash
X-Page-Id
Section-Io-Cache
Server-Name
X-Browser-Type
X-Release
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Frontend
X-Ser
X-VCache
MicrosoftSharePointTeamServices
X-Cache-Age
X-Content-Options
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Fastcgi-Cache
Accept-Charset
X-Kong-Proxy-Latency
X-Aspnetmvc-Version
X-Kong-Upstream-Latency
X-Hits
ServerID
X-Mobile-URL
X-DIS-Request-ID
X-WebKit-CSP-Report-Only
X-Source
X-Aspnet-Duration-Ms
X-Request-Guid
X-Providence-Cookie
X-Flags
X-Respond-Thread
X-Is-Crawler
X-Route-Name
X-Cache-Action
X-Signature
X-B-Cache
X-Varnish-Age
Viewport
X-Varnish-Backend
X-Whom
Healthy
X-FB-Debug
Paypal-Debug-Id
Payment
X-Varnish-Grace
X-TT
X-B3-Sampled
X-App-Environment
X-AOL-HN
Node
X-CACHE-GROUP
DynaTrace
Fastcgi-Useragent
X-Yandex-Sdch-Disable
X-Load-Cache
X-Mobile
Version
DC
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Seen-By
X-N
Filterid
X-Distributor
SRV
X-HTML-Minification-Powered-By
X-User-Agent
X-Type
X-Cache-Control
Frame-Options
Retry-After
X-XRDS-LOCATION
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Jobs
MS-CV
Refresh
X-Cache-Expired-At
X-FW-Serve
X-FW-Hash
X-Original-Request-Id
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Dynamic
X-Response-Served-From
X-UUID
X-Adobe-Loc
NGB
X-Adobe-Content
X-Page-View
X-Proxy-Cache-Status
X-Region
X-Debug-IsPreview
X-Real-IP
X-Instance
X-Debug-IsConnected
X-NGENIX-Cache
X-Varnish-Server
X-Tumblr-User
X-Vgn-Hpd-Reason
X-G
X-B
X-Azure-Ref
X-Node-Name
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-IPLB-Instance
X-Tumblr-Pixel-1
X-Cluster-Name
X-Tumblr-Pixel
X-Cacheable-TTL
X-RemovedCookies
X-ProcessESI
X-Tumblr-Pixel-0
X-HP-Trace-Id
Access-Control-Request-Headers
X-CDN-Forward
X-Device-Type
X-Cache-Time
X-Content-Powered-By
X-Proxy
X-Framework
X-RTag
Ms-Operation-Id
Amp-Access-Control-Allow-Source-Origin
X-Zen-Fury
X-IPS-LoggedIn
Uber-Trace-Id
X-Cache-Hit
X-Cache-Rule
X-Aws-Lambda-Call-Status
Cache-Status
SD-X-WS
Referer-Policy
Liferay-Portal
X-Is-Bot
X-Rendered-As
X-Ms-Version
X-Wix-Request-Id
X-Ms-Request-Id
X-Drupal-Cache-Tags
X-RateLimit-Limit
X-Time
X-Parallel-Accel
Section-Io-Id
X-Mg-Request-UUID
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Countrycode
X-EdgeConnect-Cache-Status
X-Oracle-Dms-Rid
X-Debug
X-Accel-Buffering
X-Environment-Context
X-Revision
X-L-Path
X-Request-Handler-Origin-Region
X-App-Server
AR-PoweredBy
AR-CACHE
AR-ATIME
Ar-Sid
AR-Request-ID
S-Cnection
X-Microsite
X-Nginx-Cache
Country
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Operation
Count-Hit
CF-IPCountry
X-Drupal-Cache-Contexts
Cache
X-App-Version
X-FW-Version
X-GG-Cache-Date
X-JoinUs
X-SaId
X-RN-RSRV
X-ES-SERVER
Surrogate-Key
Meta-Geo
Akamai-GRN
X-Endurance-Cache-Level
X-UPSTREAM-Address
X-Cache-TTL-Remaining
X-Loop
X-TNCMS
X-LAGOON
From-Origin
X-SayCDN-TTL
X-Adobe-Source
X-Cache-Type
X-Say-TTL
X-Say-Cacheable
Azure-InstanceId
Azure-RegionName
X-S-Maxage
Azure-SlotName
X-Request-Time
X-Human
X-APP-VERSION
X-Varnish-Beresp-Grace
Azure-Version
X-NYM-Debug-Backend
Azure-SiteName
Protected
X-Sql-Count
Country-Code
X-Sql-Duration-Ms
Fastly-SSL
X-PCL
X-Xfnlog-Site
X-OCL
X-Alternate-Cache-Key
Eomportal-Instance
X-AWS-Id
Decoy-Debug-TTL
X-Proto
X-Origin-Date
ServedBy
X-Varnishpool
Cache-Tv-Group
Decoy-Debug-Key
Apigw-Requestid
Cache-Name
Decoy-Debug-Status
X-R9-Blue-Green-Version
X-PHP-Host
X-VWS-Id
X-No-Session
X-Pubstack
X-TA-CDN-Provider
X-ProxyCache-Status
X-Labrador-Cache-Channel
X-RCS-CacheZone
X-Hosted-By
X-Varnish-Hostname
X-Handled-By
X-Status
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-ShardId
X-LJ-Flow-ID
X-ProxyCache-Key
X-BYPASS-REASON
X-Sorting-Hat-ShopId
X-Hyper-Cache
TWC-Connection-Speed
X-Server-W
X-Redis-Cache
TWC-GeoIP-Country
X-Tumblr-Pixel-2
X-Timing-Wait
Selected-Fe
X-Origin-Hint
X-Akamai-Edgescape
X-Web-Node
X-Access
X-Proxy-Build
X-Section
X-Be
X-Via-Fastly
X-Uri
X-Cache-Server
X-UA-Device-Type
X-Format
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
Property-Id
TWC-Device-Class
X-B3-SpanId
X-ApacheServer
GEO-INFO
X-Backend-Host
X-PHP-Backend
X-PERF
Mn-Server-Ip
X-FireWall-Port
X-FB-TRIP-ID
X-Cluster-Node
X-Time-Microsecs
X-Servername
X-Backend-Name
X-Hl-Ver
Nel
OT-Force-Account-Verify
X-ServerID
Cross-Origin-Opener-Policy
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-ATG-Version
X-Ua-Device
X-Tumblr-Pixel-3
X-Detected-As
X-B3-Traceid
X-Azure-Ref-OriginShield
X-Cache-PHP
Web-Mar-Node
X-Varnish-Cache-Hits
X-Generation-Time
Cross-Origin-Window-Policy
X-Cache-Host
X-Datadome
X-Ua
X-Trace-Id
Backend
X-Content-Age
X-TT-LOGID
X-Varnish-Hits
Content-Secure-Policy
Xserver
X-CS
Ec-Rule-Version
X-Via-JSL
X-CSRF-Token
X-MP-GENERATED-AT
X-WA-Info
Source
X-SRV
X-Soup
X-Akamai-Transformed
Upgrade-Insecure-Requests
X-Cache-Grace
X-Cache-Enabled
X-Edge-Location
X-Microcachable
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-Cdn
X-Bc-Bl
X-Mode
Url
X-Varnish-Beresp-Ttl
X-NWS-UUID-VERIFY
X-Forwarded-Host
X-Info
X-Rule
X-Locale
X-Origin-TTL
X-Origin-CC
X-Site-Version
SID
X-Varnish-Beresp-Status
S-Rt
Content-Disposition
X-Unique-Id
X-Ua-Browser
X-Magnolia-Registration
X-Tb
X-Content
X-Cached-By
AMP-Access-Control-Allow-Source-Origin
Req-Svc-Chain
X-B-Cookie
Path
X-Proxied
X-PAYTM-SRV-ID
X-AIR-PT
X-ARC
X-Platform-Server
X-Aicache-OS
X-Processor
X-PBS-Appsvrname
Odigeo-Trace-Id
X-Application
Apple-News-Services-Request-Url
DCR-Processing-Time-Ms
Expiry
Fastcgi-X-Cache-Version
DCR-Decision-By
X-Forwarded-Path
CDN-RequestCountryCode
CDN-RequestId
CDN-Uid
State
Fastly-SIE
T-Server
MD5-Digest
Surrogated-Key
Host-ID
Meta-Geo-Continent
Fastly-SWR
X-From
X-Ftr-Request-Id
CDN-PullZone
CDN-EdgeStorageId
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-A-Dgt
A
X-Orig-Expires
X-A-Wwc
X-NU-AKA-ACS-Version
X-NAPM-TraceId
X-A-Dcw
CDCHOST
CDN-Cache
CDN-CachedAt
X-A
X-A-Ccd
BehaviorPad-Version
Mobile-Detection-Method
X-A-Dam
X-Aed
User-Cache-Control
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Developer
X-Session-Fingerprint
X-Destination
X-VG-WebServer
X-Debug-Cache
X-Vdms-Version
X-ScT
X-VG-WebCache
X-Zipkin-Id
X-Epic-Correlation-Id
X-Extlb
X-CF-Lambda-Version
X-Cache-NE
X-CF-Lambda-Fn
X-Dc
X-GEO
X-Tenant
X-External-Request-Id
X-SRCache-Key
X-Shop-Environment
X-D
Rendered-Blocks
X-BBC-Edge-Cache-Status
X-Rebelmouse-Surrogate-Control
X-Conf
X-Storage
X-Request-URI
X-Routing-Service
X-BCube-Filmed-By
X-Rojux
X-S
X-Rewrite-Enabled
X-Rebelmouse-Cache-Control
X-Cache-Bucket
X-Connection-Hash
X-S-Cookie
X-Ratelimit-Reset
X-Ratelimit-Limit
X-Cache-NGX
X-EC-Lua
X-Proxy-Upstream
NGX
Cmstype
X-SVT-ORM-RULES
X-Loc
Origin
X-Request-UUID
X-Li-Fabric
L
X-Cache-Info
X-Cache-Debug
M-TraceId
UCS
Is-Eu
Fastly-Drupal-HTML
X-LI-UUID
X-Li-Pop
Cmsid
Fastly-Backend-Name
X-Service
X-VG-TLSProxy
X-Fastly-Cache
X-Origin-Expires
Pics-Label
X-Accel-Expires-Debug
X-Variation
X-Fastly-Backend
Adler-Geo
X-VServer
Platform
Cache-Host
Cache-Key
X-Date
X-Core-Value
X-SVT-ORM-VERSION
X-Men
X-Backend-State
X-Envoy-Decorator-Operation
X-DPWN-IS-SECURE
X-TrackingId
X-Cms-Context
X-DataDome
X-Cache-Id
X-Cache-Tags
X-Gamma-Serve
Sever-Int
X-Generated-By
X-Generated-On
X-Gen-Mode
Server-Host
Server-Hostname
Server-Ext
X-Cluster
X-Developers
X-Device-Os
X-Esi-Check
X-DefHash
X-DefElseHash
X-Bip
X-Block-Status
X-Branch-Name
X-Clientip
VNS-Cache
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
True-Client-Country-4JS
X-Ckpd-Fst-Backend
VNS-Age
Vix-Hermes-Req-Id
X-Forwarded-Site
TDXMobile
X-Thinkindot-L3
X-Geo-Header
X-VC-Cache
X-VarnishDD-TTL
X-Varnish-Remaining-TTL
X-RateLimit-Limit-Second
X-Origin
X-Old-Content-Length
X-Thanos
Cf-Device-Type
C-Via
Arc-Version
X-Nginx-Cache-Key
X-RateLimit-Remaining-Second
X-Req
X-Varnish-CookieHashed-On
X-SIPLIST1
X-Slack-Backend
X-Var-Ttl
X-DC
X-Sigma-Backend
X-Sigma
X-Varnish-CookieINHashed-On
X-Rocket-Build-Number
X-Scheme
X-Served-From
X-Via-NSCOPI
X-Micro-Cache
X-Has-Esi
X-Gzip
X-Hash
X-HN
Locid
X-Viewer-Country
X-Varnish-Ttl
X-Wikidot-Backend
PFcat
X-Worker
PB-RID
PB-PID
X-Wikidot-Static-Cache
Location
X-Hnp-Log
Esi-Enabled
X-Location
CPC-Cache
CPC-Age
X-Level-Front-Cache
Fastcgi-Cache-TTL
X-JWT-State
X-Is-Gdpr
IsBot
X-Ratelimit-Remaining
X-Amz-Meta-S3cmd-Attrs
X-M-Log
X-M-Reqid
X-Platform
Server-Info
X-NCache
X-Vdms-Path
X-WADP-Cache
X-Auto-Login
X-Eu-Site
X-Planisys-CDN-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Irp-Debug
X-Fmm-Version
X-GoCache-CacheStatus
X-GeoIP-City
X-GeoIP
X-Generated-In
X-Fetched-On
X-FC-Vary-Parameters
X-Policy
X-Request-Host
X-Skip-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Mvc-Supplant-Cachable
X-Owner
X-Sucuri-ID
Webserver
Mail-Subject
X-Qnm-Cache
Memcached
Pagetype
Arc-Country
Release
L5d-Success-Class
HA-Ipaddr
X-Tx-Id
DSUID
CacheControlHeader
Gh-Request-Id
Ha-Gx-Prefs
Svr
NM-Fastcgi-Cache
Wxu-Next-Region
Wxu-Next-Commit
X-CGP
X-Clara-WADP
X-Csrf-Jwt
We-Hiring
Wxu-Next-Hostname
V-Age
AKAMAI
XServer
X-Unique-ID
NtCoent-Length
X-Qloud-Router
X-HS-Content-Campaign-Id
X-V-Cache
DataCenter
X-Via-Popn
X-Platform-Router
X-Via-Popv
X-Platform-Cluster
X-Platform-Processor
X-Servedbyhost
X-Via-Poph
MIME-Version
X-LSADC-Cache
X-Mvc-Supplant-OutputCached
Cache-Hits
X-Render-Time
X-Rocket-Nginx-Serving-Static
Kp-EeAlive
X-Srv
X-SD-PageType
X-Cache-Remote
Environment
X-Cache-Var
X-NC
X-User
X-Cache-Var-Map
X-Zone
Who
X-Cache-Ttl
X-PF-Uncompressing
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-PJAX-URL
X-BBC-Origin-Response-Status
X-Vc
X-Traceid
X-NodeID
X-Datadog-Sampling-Priority
X-Nyt-Route
X-Origin-Time
X-API-Version
X-Gdpr
X-ID
Server-ID
X-Minions-Version
X-Varnish-Url
X-Via-Ucdn
X-Wa
WebServer
X-App
X-Pod-Name
X-Refresh
X-Internal-Host
Cluster
X-LB-ID
Candidate-Md5Url
X-Cache-Config
X-Server-IP
My-App
Time
X-VCL-Version
Powered-By-ChinaCache
X-Webkit-Csp
Memory
X-TIME
HostName
X-CACHE-KEY
X-Pass-Why
X-ZONE
X-Newrelic-Synthetics
X-Webkit-CSP-Report-Only
Datacenter
Geo-Info
Onion-Location
Web-Mar-Region
Geoip-Latitude
N-Cache
X-NewRelic-App-Data
GeoIp-Country-Code
X-TX-ID
X-Esi
X-LI-Proto
X-Edge-Pop
X-CLOUD-TRACE-CONTEXT
X-ElasticPress-Query
Servername
X-OVcl
Resin-Trace
X-Tb-Optimization-Total-Bytes-Saved
X-OVcl-Cache
X-VHOST
X-Origin-Response-Time
X-Varnish-Cacheable
Cf-Bgj
Hostname
X-Akamai-Pragma-Client-IP
X-TraceId
Ohc-File-Size
X-Backend-TTL
Tcn
X-Geo
X-Dynatrace
X-HITS
WWW-Authenticate
Magicmarker
X-CACHE-AGE
X-Tt-Logid
CDN
X-Fpc
X-Li-Proto
X-EIG-Tracking-Id
LB
X-TIM-N
X-Tid
Redirect-Candidate
X-NODE
X-Dispatcher-Server
Cdn
X-Method
X-MSEdge-Features
X-Varnish-Beresp-TTL
X-MSEdge-Flight
Cf-Ipcountry
X-AB
X-Correlation-ID
X-Wix-Viewer-Type
Tracecode
X-Dynatrace-Js-Agent
GeoIP-Country-Code
Proxy-Connection
X-Up
X-HostName
DB-Nickname
Pramga
X-Cache-Date
Is-Us
GeoIP-Latitude
X-Vcl-Version
X-IP
X-Request-Start
Ssr
X-HS-Status
X-Amz-Meta-Cb-Modifiedtime
X-Cdn-Origin
X-Sn-Servicetimems
X-APP
X-Fastly-Backend-Reqs
Lb
X-NGINX-Cache
CF-Cached-On
X-CSRF-TOKEN
X-Cs
Server-Id
Sid
X-Core-Mission
X-WA
X-COUNTRY
X-Node-Id
X-Provided-By
W
X-MG-S
X-UnsetCookies
X-ND-Cache
X-Reqid
X-Cache-Expires
X-Webkit-Csp-Report-Only
CloudFront-Viewer-Country
X-Trv-Group
X-Lb-Id
Cteonnt-Length
X-DynaTrace-JS-Agent
X-ServerName
X-Nc
X-FORWARDED-FOR
URI
X-VC
WZWS-RAY
X-Check-Cacheable
X-Via-CDN
Env
X-Pjax-Url
WP-Super-Cache
CountryCode
Ohc-Cache-HIT
X-Cache-Backend
X-Fastly-Request-Id
X-CCDN-CacheTTL
X-Cache-Status-Check
X-Sucuri-Cache
X-SERVER-NAME
X-Via-PopH
X-Region-Sid
X-Via-PopV
X-CCDN-Origin-Time
X-Via-PopN
X-Hcs-Proxy-Type
X-Pf-Uncompressing
Xc-Version
Shield-Pop
X-IN-APIGATEWAYSSL
X-Moov-T
X-SN
X-CUA
X-Moov-Xdn-Version
Mime-Version
X-ServedByHost
X-Pad
X-IN-APIGATEWAY
EpKe-Alive
X-Ig-Push-State
X-Acquia-Application-Trace
X-Acquia-Site
X-Edge-POP
User-Agent
X-RAMCache
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Cache-ASPX
X-Varnish-Authentication
Rt-Fastcgi-Cache
X-Fastly-Cache-Hits
CACHE
X-LiteSpeed-Cache-Control
Server-Ttl
X-Contensis-Viewer-Groups
VivaBuild
Viewtype
X-RSL
X-Cdn-Request-ID
Ohc-Response-Time
Xet-Cookie
X-StackifyID
X-DW
X-Webstats-RespID
X-Dw-Trace-Id
X-Swift-Error
Vha6-Origin
X-Action
X-DB
X-DI
X-DSS
X-RPM
X-Amz-Meta-Opti
X-Yottaa-OS
X-RPS
FSS-Cache
X-SB
X-Cdn-Forward
X-Oss-Hash-Crc64ecma
X-Nginx-Upstream-Cache-Status
X-Dispatch
On-Server
X-Oss-Object-Type
X-Oss-Request-Id
X-Parent-Response-Time
X-Oss-Storage-Class
X-Oss-Server-Time
HIT
Content-Script-Type
X-MiniProfiler-Ids
ServerName
X-CF-Powered-By
X-TH-Server
X-ElasticPress-Search
Hit
Content-Style-Type
Machine
Req-ID